author Ben Hutchings <ben@decadent.org.uk> 2019-02-14 15:24:06 +0000
committer Ben Hutchings <ben@decadent.org.uk> 2019-03-19 01:26:54 +0000
commit c4da598be91aaeba098bf112270ab920ef3f6977 (patch)
tree ce035cf4cfb4367aa45c8aaf180ae614384410c5
parent 0a388832cb4a7e9dfe1265fa04d1c441e9730e23 (diff)
Add CVE-2019-3462 to errata for jessie installer
-rw-r--r-- english/releases/jessie/debian-installer/index.wml 13
1 files changed, 13 insertions, 0 deletions
diff --git a/english/releases/jessie/debian-installer/index.wml b/english/releases/jessie/debian-installer/index.wml
index e6d420f9cce..17dd608ec8a 100644
--- a/english/releases/jessie/debian-installer/index.wml
+++ b/english/releases/jessie/debian-installer/index.wml
@@ -174,6 +174,19 @@ for other known problems.
<br /> - Run <code>apt-get upgrade --with-new-pkgs</code>
<br /> - Reboot to complete the upgrade.
</dd>
+
+ <dt>APT was vulnerable to a man-in-the-middle attack</dt>
+
+ <dd>A bug in the APT HTTP transport method
+ (<a href="https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html">CVE-2019-3462</a>)
+ could be exploited by an attacker located as a man-in-the-middle between APT
+ and a mirror to cause the installation of additional, malicious, packages.
+
+ <br /> This can be mitigated by disabling use of the network during
+ initial installation and then upgrading following the instructions in
+ <a href="$(HOME)/lts/security/2019/dla-1637">DLA-1637</a>.
+
+ <br /> <b>Status:</b> This has been fixed in 8.11.1</dd>
</dl>
<h3 id="errata-r0">Errata for release 8.0</h3>
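Review bot: The mitigation paragraph ("This can be mitigated by disabling use of the network during initial installation ...") does not say how the user does that in the installer, nor which images need it. Since the status line says the bug is fixed in 8.11.1, consider stating that the mitigation applies to installer images older than 8.11.1 and naming the installer step at which the network or mirror is declined, so a reader can act on the entry without first opening DLA-1637. Two smaller points in the same entry: the link text "CVE-2019-3462" points at the debian-lts-announce message rather than at an entry for the CVE itself, which duplicates the DLA-1637 link a few lines below, and the status sentence "This has been fixed in 8.11.1" has no closing full stop, unlike the "Reboot to complete the upgrade." line in the entry above it.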
